Vulnerability-Lookup

CVE-2015-1841 (GCVE-0-2015-1841)

Vulnerability from cvelistv5 – Published: 2015-09-08 15:00 – Updated: 2024-08-06 04:54

Summary

The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2015-1841

Vulnerability from fkie_nvd - Published: 2015-09-08 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1713.html	Vendor Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1033459
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1713.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033459

Impacted products

	Vendor	Product	Version
	redhat	enterprise_virtualization	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la interfaz Web Admin en Red Hat Enterprise Virtualization Manager (RHEV-M), permite a usuarios locales eludir la funci\u00f3n timeout seleccionando una VM en la vista de cuadr\u00edcula VM."
    }
  ],
  "id": "CVE-2015-1841",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-08T15:59:00.127",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033459"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-1841

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

Aliases

CVE-2015-1841

Aliases

CVE-2015-1841

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1841",
    "description": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.",
    "id": "GSD-2015-1841",
    "references": [
      "https://access.redhat.com/errata/RHSA-2015:1713"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1841"
      ],
      "details": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.",
      "id": "GSD-2015-1841",
      "modified": "2023-12-13T01:20:05.437251Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-1841",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1713.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
          },
          {
            "name": "http://www.securitytracker.com/id/1033459",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1033459"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-1841"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033459",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033459"
            },
            {
              "name": "RHSA-2015:1713",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-09-09T18:32Z",
      "publishedDate": "2015-09-08T15:59Z"
    }
  }
}

CNVD-2015-05889

Vulnerability from cnvd - Published: 2015-09-09

Title

Red Hat Enterprise Virtualization Hypervisor本地未授权访问漏洞

Description

Red Hat Enterprise Virtualization Hypervisor是一款虚拟化解决方案管理程序。当VM Grid view中选择VM时，Red Hat Enterprise Virtualization Hypervisor WEB管理接口未能正确处理会话超时，本地用户可访问其他WEB接口。

Severity

低

Patch Name

Red Hat Enterprise Virtualization Hypervisor本地未授权访问漏洞的补丁

Patch Description

Red Hat Enterprise Virtualization Hypervisor是一款虚拟化解决方案管理程序。当VM Grid view中选择VM时，Red Hat Enterprise Virtualization Hypervisor WEB管理接口未能正确处理会话超时，本地用户可访问其他WEB接口。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://rhn.redhat.com/errata/RHSA-2015-1713.html

Reference

https://rhn.redhat.com/errata/RHSA-2015-1713.html

Impacted products

Name
Red Hat Enterprise Virtualization Hypervisor

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1841"
    }
  },
  "description": "Red Hat Enterprise Virtualization Hypervisor\u662f\u4e00\u6b3e\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u7ba1\u7406\u7a0b\u5e8f\u3002\r\n\r\n\u5f53VM Grid view\u4e2d\u9009\u62e9VM\u65f6\uff0cRed Hat Enterprise Virtualization Hypervisor WEB\u7ba1\u7406\u63a5\u53e3\u672a\u80fd\u6b63\u786e\u5904\u7406\u4f1a\u8bdd\u8d85\u65f6\uff0c\u672c\u5730\u7528\u6237\u53ef\u8bbf\u95ee\u5176\u4ed6WEB\u63a5\u53e3\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://rhn.redhat.com/errata/RHSA-2015-1713.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05889",
  "openTime": "2015-09-09",
  "patchDescription": "Red Hat Enterprise Virtualization Hypervisor\u662f\u4e00\u6b3e\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\u7ba1\u7406\u7a0b\u5e8f\u3002\u5f53VM Grid view\u4e2d\u9009\u62e9VM\u65f6\uff0cRed Hat Enterprise Virtualization Hypervisor WEB\u7ba1\u7406\u63a5\u53e3\u672a\u80fd\u6b63\u786e\u5904\u7406\u4f1a\u8bdd\u8d85\u65f6\uff0c\u672c\u5730\u7528\u6237\u53ef\u8bbf\u95ee\u5176\u4ed6WEB\u63a5\u53e3\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat Enterprise Virtualization Hypervisor\u672c\u5730\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat Enterprise Virtualization Hypervisor"
  },
  "referenceLink": "https://rhn.redhat.com/errata/RHSA-2015-1713.html",
  "serverity": "\u4f4e",
  "submitTime": "2015-09-06",
  "title": "Red Hat Enterprise Virtualization Hypervisor\u672c\u5730\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

GHSA-HF5Q-RVMP-XHFH

Vulnerability from github – Published: 2022-05-17 04:07 – Updated: 2022-05-17 04:07

Details

The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1841"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-08T15:59:00Z",
    "severity": "LOW"
  },
  "details": "The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.",
  "id": "GHSA-hf5q-rvmp-xhfh",
  "modified": "2022-05-17T04:07:54Z",
  "published": "2022-05-17T04:07:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1841"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033459"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2015:1713

Vulnerability from csaf_redhat - Published: 2015-09-03 17:08 - Updated: 2025-11-21 17:53

Summary

Red Hat Security Advisory: rhev-hypervisor security, bug fix, and enhancement update

Notes

Topic

Updated rhev-hypervisor packages that fix multiple security issues, several bugs, and add various enhancements are now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138) A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. (CVE-2015-3247) A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137) It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended. (CVE-2015-1841) Red Hat would like to thank oCERT for reporting CVE-2014-8137 and CVE-2014-8138. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter. The CVE-2015-3247 issue was discovered by Frediano Ziglio of Red Hat. The CVE-2015-1841 issue was discovered by Einav Cohen of Red Hat. This update also fixes the following bug: * Previously, installing the Red Hat Enterprise Virtualization Hypervisor 7 RPM on a Red Hat Enterprise Linux 6 host failed, because no such thing was available. Now, the Red Hat Enterprise Virtualization Hypervisor 7 RPM is available in the rhel-6-server-rhevh-rpms channel, and can be installed on a Red Hat Enterprise Linux 6 host. (BZ#1193678) In addition, this update adds the following enhancement: * With this release, the Red Hat Enterprise Virtualizaton Hypervisor now includes the drivers for the Dell Shared PERC8 RAID Controller. (BZ#1186582) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated rhev-hypervisor packages that fix multiple security issues, several\nbugs, and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization \nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor \nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes \neverything necessary to run and manage virtual machines: A subset of the \nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise \nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for \nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap-based buffer overflow flaw was found in the way JasPer decoded JPEG\n2000 image files. A specially crafted file could cause an application using\nJasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)\n\nA race condition flaw, leading to a heap-based memory corruption, was found\nin spice\u0027s worker_update_monitors_config() function, which runs under the\nQEMU-KVM context on the host. A user in a guest could leverage this flaw to\ncrash the host QEMU-KVM process or, possibly, execute arbitrary code with\nthe privileges of the host QEMU-KVM process. (CVE-2015-3247)\n\nA double free flaw was found in the way JasPer parsed ICC color profiles in\nJPEG 2000 image files. A specially crafted file could cause an application\nusing JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)\n\nIt was found that the idle timeout in the Red Hat Enterprise Virtualization\nManager Web Admin interface failed to log out a session if a VM has been\nselected in the VM grid view. This could allow a local attacker to access\nthe web interface if it was left unattended. (CVE-2015-1841)\n\nRed Hat would like to thank oCERT for reporting CVE-2014-8137 and\nCVE-2014-8138. oCERT acknowledges Jose Duart of the Google Security Team as\nthe original reporter. The CVE-2015-3247 issue was discovered by Frediano\nZiglio of Red Hat. The CVE-2015-1841 issue was discovered by Einav Cohen\nof Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, installing the Red Hat Enterprise Virtualization Hypervisor 7\nRPM on a Red Hat Enterprise Linux 6 host failed, because no such thing was\navailable. Now, the Red Hat Enterprise Virtualization Hypervisor 7 RPM is\navailable in the rhel-6-server-rhevh-rpms channel, and can be installed on\na Red Hat Enterprise Linux 6 host. (BZ#1193678)\n\nIn addition, this update adds the following enhancement:\n\n* With this release, the Red Hat Enterprise Virtualizaton Hypervisor now\nincludes the drivers for the Dell Shared PERC8 RAID Controller.\n(BZ#1186582)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1713",
        "url": "https://access.redhat.com/errata/RHSA-2015:1713"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1173157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173157"
      },
      {
        "category": "external",
        "summary": "1173162",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173162"
      },
      {
        "category": "external",
        "summary": "1174708",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174708"
      },
      {
        "category": "external",
        "summary": "1206332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206332"
      },
      {
        "category": "external",
        "summary": "1225224",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225224"
      },
      {
        "category": "external",
        "summary": "1231027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231027"
      },
      {
        "category": "external",
        "summary": "1233145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233145"
      },
      {
        "category": "external",
        "summary": "1233238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233238"
      },
      {
        "category": "external",
        "summary": "1248942",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248942"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1713.json"
      }
    ],
    "title": "Red Hat Security Advisory: rhev-hypervisor security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2025-11-21T17:53:31+00:00",
      "generator": {
        "date": "2025-11-21T17:53:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2015:1713",
      "initial_release_date": "2015-09-03T17:08:30+00:00",
      "revision_history": [
        {
          "date": "2015-09-03T17:08:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-09-03T17:08:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:53:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEV Hypervisor for RHEL-6",
                "product": {
                  "name": "RHEV Hypervisor for RHEL-6",
                  "product_id": "6Server-RHEV-Hypervisor",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RHEL 7-based RHEV-H",
                "product": {
                  "name": "RHEL 7-based RHEV-H",
                  "product_id": "7Server-RHEV-Hypervisor-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
                "product": {
                  "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
                  "product_id": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.1-20150827.1.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
                "product": {
                  "name": "rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
                  "product_id": "rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.7-20150828.0.el6ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
                "product": {
                  "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
                  "product_id": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.1-20150827.1.el7ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
                "product": {
                  "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
                  "product_id": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.1-20150827.1.el6ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.src",
                "product": {
                  "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.src",
                  "product_id": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhev-hypervisor7@7.1-20150827.1.el7ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch"
        },
        "product_reference": "rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch"
        },
        "product_reference": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.src as a component of RHEV Hypervisor for RHEL-6",
          "product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src"
        },
        "product_reference": "rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
        "relates_to_product_reference": "6Server-RHEV-Hypervisor"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch as a component of RHEL 7-based RHEV-H",
          "product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch"
        },
        "product_reference": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.src as a component of RHEL 7-based RHEV-H",
          "product_id": "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
        },
        "product_reference": "rhev-hypervisor7-0:7.1-20150827.1.el7ev.src",
        "relates_to_product_reference": "7Server-RHEV-Hypervisor-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "oCERT"
          ]
        }
      ],
      "cve": "CVE-2014-8137",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2014-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1173157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-8137"
        },
        {
          "category": "external",
          "summary": "RHBZ#1173157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-8137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8137"
        },
        {
          "category": "external",
          "summary": "http://www.ocert.org/advisories/ocert-2014-012.html",
          "url": "http://www.ocert.org/advisories/ocert-2014-012.html"
        }
      ],
      "release_date": "2014-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-03T17:08:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1713"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "oCERT"
          ]
        }
      ],
      "cve": "CVE-2014-8138",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2014-12-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1173162"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jasper: heap overflow in jp2_decode() (oCERT-2014-012)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-8138"
        },
        {
          "category": "external",
          "summary": "RHBZ#1173162",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1173162"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-8138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-8138"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-8138",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8138"
        },
        {
          "category": "external",
          "summary": "http://www.ocert.org/advisories/ocert-2014-012.html",
          "url": "http://www.ocert.org/advisories/ocert-2014-012.html"
        }
      ],
      "release_date": "2014-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-03T17:08:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1713"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jasper: heap overflow in jp2_decode() (oCERT-2014-012)"
    },
    {
      "acknowledgments": [
        {
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-1841",
      "discovery_date": "2015-02-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1206332"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RHEV-M: webadmin automatic logout fails if VM is selected",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-1841"
        },
        {
          "category": "external",
          "summary": "RHBZ#1206332",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206332"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-1841"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1841",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1841"
        }
      ],
      "release_date": "2015-03-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-03T17:08:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1713"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "RHEV-M: webadmin automatic logout fails if VM is selected"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Frediano Ziglio"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2015-3247",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2015-06-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1233238"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition flaw, leading to a heap-based memory corruption, was found in spice\u0027s worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spice: memory corruption in worker_update_monitors_config()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
          "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
          "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1233238",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1233238"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3247"
        }
      ],
      "release_date": "2015-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-09-03T17:08:30+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1713"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.7-20150828.0.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.noarch",
            "6Server-RHEV-Hypervisor:rhev-hypervisor7-0:7.1-20150827.1.el6ev.src",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.noarch",
            "7Server-RHEV-Hypervisor-7:rhev-hypervisor7-0:7.1-20150827.1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "spice: memory corruption in worker_update_monitors_config()"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1841 (GCVE-0-2015-1841)

FKIE_CVE-2015-1841

GSD-2015-1841

CNVD-2015-05889

GHSA-HF5Q-RVMP-XHFH

RHSA-2015:1713

Tags

Sightings

Nomenclature