CVE-2010-3851 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:C/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
libguestfs	libguestfs	𝑥 ≤ 1.5.22
libguestfs	libguestfs	1.5.0
libguestfs	libguestfs	1.5.1
libguestfs	libguestfs	1.5.2
libguestfs	libguestfs	1.5.3
libguestfs	libguestfs	1.5.4
libguestfs	libguestfs	1.5.5
libguestfs	libguestfs	1.5.6
libguestfs	libguestfs	1.5.7
libguestfs	libguestfs	1.5.8
libguestfs	libguestfs	1.5.9
libguestfs	libguestfs	1.5.10
libguestfs	libguestfs	1.5.11
libguestfs	libguestfs	1.5.12
libguestfs	libguestfs	1.5.13
libguestfs	libguestfs	1.5.14
libguestfs	libguestfs	1.5.15
libguestfs	libguestfs	1.5.16
libguestfs	libguestfs	1.5.17
libguestfs	libguestfs	1.5.18
libguestfs	libguestfs	1.5.19
libguestfs	libguestfs	1.5.20
libguestfs	libguestfs	1.5.21

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

guestfish

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-devel

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-java

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-java-devel

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-javadoc

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-mount

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-tools

RHEL 6

1:1.7.17-17.el6

fixed

libguestfs-tools-c

RHEL 6

1:1.7.17-17.el6

fixed

ocaml-libguestfs

RHEL 6

1:1.7.17-17.el6

fixed

ocaml-libguestfs-devel

RHEL 6

1:1.7.17-17.el6

fixed

perl-Sys-Guestfs

RHEL 6

1:1.7.17-17.el6

fixed

python-libguestfs

RHEL 6

1:1.7.17-17.el6

fixed

ruby-libguestfs

RHEL 6

1:1.7.17-17.el6

fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html

http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/

http://secunia.com/advisories/41797

http://secunia.com/advisories/42235

http://www.redhat.com/support/errata/RHSA-2011-0586.html

http://www.securityfocus.com/bid/44166

http://www.vupen.com/english/advisories/2010/2874

http://www.vupen.com/english/advisories/2010/2963

https://bugzilla.redhat.com/show_bug.cgi?id=643958

https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html

https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html

https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html

http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/

http://secunia.com/advisories/41797

http://secunia.com/advisories/42235

http://www.redhat.com/support/errata/RHSA-2011-0586.html

http://www.securityfocus.com/bid/44166

http://www.vupen.com/english/advisories/2010/2874

http://www.vupen.com/english/advisories/2010/2963

https://bugzilla.redhat.com/show_bug.cgi?id=643958

https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html

https://www.redhat.com/archives/libguestfs/2010-October/msg00037.html

https://www.redhat.com/archives/libguestfs/2010-October/msg00041.html