9 matches found
CVE-2018-1062
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk...
CVE-2018-1062
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk...
ovirt-engine: When Wipe After Delete (WAD) and Enable Discard are both enabled for a VM disk, discarded data might not be wiped after the disk is removed.
It was discovered that the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially...
Design/Logic Flaw
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete WAD is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and...
CVE-2014-3559
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete WAD is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and...
PT-2014-5395 · Red Hat · Red Hat Enterprise Virtualization
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization version 3.4 Description: The issue concerns the oVirt storage backend, which fails to wipe memory snapshots when a virtual machine VM is deleted, even if wipe-after-delete WAD is configured for the VM's disk...
Moderate: Red Hat Security Advisory: rhevm security update
Updated rhevm packages that fix one security issue are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE link in the...
ovirt-engine-backend: memory snapshots not wiped when deleting a VM with wipe-after-delete (WAD) enabled for its disks
It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete WAD was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an...
Information disclosure
Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...