Lucene search
K
RedhatEnterprise Virtualization

36 matches found

CVE
CVE
added 2018/05/17 4:0 p.m.383 views

CVE-2018-1111

The CVE-2018-1111 issue affects the DHCP client NetworkManager integration script in Red Hat Enterprise Linux 6/7, Fedora 28 and earlier. A malicious or spoofed DHCP server can inject commands with root privileges by exploiting the DHCP processing path, enabling remote command execution on affect...

7.9CVSS7.9AI score0.94457EPSS
CVE
CVE
added 2015/05/13 6:0 p.m.327 views

CVE-2015-3456

The CVE-2015-3456 VENOM issue affects QEMU’s Floppy Disk Controller emulation (FDC), also used by VirtualBox and other virtualization stacks in Xen 4.5.x and earlier and KVM. The vulnerability is a buffer/out-of-bounds condition in the FDC where certain commands (notably FD_CMD_READ_ID and FD_CMD...

7.7CVSS7.5AI score0.15275EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.142 views

CVE-2012-3404

CVE-2012-3404 affects the GNU C Library (glibc) in the vfprintf path (stdio-common/vfprintf.c). The issue is a miscalculation of buffer length that can bypass Fortify_SOURCE format-string protections when using positional parameters with many specifiers, enabling context-dependent DoS via a craft...

5CVSS6.4AI score0.02225EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.141 views

CVE-2012-3406

The CVE-2012-3406 issue concerns glibc’s vfprintf (stdio-common/vfprintf.c). It states that glibc 2.5, 2.12, and likely other versions fail to properly restrict the use of alloca when allocating the SPECS array, which can bypass FORTIFY_SOURCE format-string protection and lead to a denial of serv...

6.8CVSS7.8AI score0.03163EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.113 views

CVE-2010-0435

CVE-2010-0435 is a KVM/Hypervisor NULL pointer dereference vulnerability that arises when Intel VT-x is enabled, allowing a privileged guest to crash the host via instruction-emulation vectors. Public advisories (RHBA/RHSA-2010-0622 for RHEL5/RHEV 2.2 and ELSA-2010-0627/ELSA-2010-0627) document h...

4.6CVSS7.2AI score0.00359EPSS
CVE
CVE
added 2014/02/10 5:0 p.m.113 views

CVE-2012-3405

CVE-2012-3405 affects the GNU C Library (glibc) vfprintf handling in stdio-common/vfprintf.c, where improper buffer length calculation can bypass Fortify_source format-string protection and trigger a denial of service via a crafted format string with many specifiers. Public references in the Debi...

5CVSS7.2AI score0.02087EPSS
CVE
CVE
added 2014/08/03 6:0 p.m.109 views

CVE-2014-0179

Libvirt vulnerability CVE-2014-0179 affects libvirt 0.7.5 through 1.2.x before 1.2.5. A crafted XML document containing an XML External Entity declaration with an entity reference to the virConnectCompareCPU or virConnectBaselineCPU API can be parsed due to XML_PARSE_NOENT behavior, allowing loca...

1.9CVSS7.6AI score0.0056EPSS
CVE
CVE
added 2013/11/02 7:0 p.m.97 views

CVE-2013-4282

CVE-2013-4282 – SPICE stack overflow vulnerability Affected: SPICE server components (SPICE 0.12.0 and related packages) where the reds_handle_ticket function in server/reds.c processes SPICE tickets.Root cause: stack-based buffer overflow triggered by a long password in a SPICE ticket.Impact: re...

5CVSS7.4AI score0.0273EPSS
Web
CVE
CVE
added 2008/10/02 6:0 p.m.96 views

CVE-2008-3522

Vulnerability CVE-2008-3522 affects JasPer 1.900.1: a buffer overflow in jas_stream_printf (libjasper/base/jas_stream.c) may be triggered via mif_hdr_put and the use of vsprintf, potentially enabling context-dependent attackers to impact in an unspecified way. Public-advisory entries (OpenSUSE/SU...

10CVSS5AI score0.04509EPSS
CVE
CVE
added 2013/01/31 11:0 p.m.94 views

CVE-2013-1591

CVE-2013-1591 describes a stack-based buffer overflow in the pixman library (libpixman), used by Pale Moon prior to 15.4. The issue is triggered by a path related to pixman’s manipulation routines and may cause crashes or, per some sources, potentially more severe outcomes. Connected advisories i...

10CVSS9.6AI score0.03626EPSS
CVE
CVE
added 2014/08/03 6:0 p.m.94 views

CVE-2014-5177

Technical details about CVE-2014-5177 are not publicly available in the provided connected documents. Monitor for updates in the cited advisories and vendor notices to obtain confirmed affected versions, impact, and remediation steps.

1.2CVSS7.8AI score0.00529EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.92 views

CVE-2013-2151

CVE-2013-2151 affects Red Hat Enterprise Virtualization (RHEV) 3 and 3.2. The vulnerability is an unquoted Windows search path flaw in the rhev-guest-tools (Windows guest tools) and related agent/service, enabling local users to escalate privileges via a crafted executable located in an unquoted ...

7.2CVSS8.7AI score0.00414EPSS
CVE
CVE
added 2020/02/25 8:16 p.m.92 views

CVE-2015-5201

CVE-2015-5201 affects VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (RHEV-H) 6-6.x (before 6-6.7-20151117.0) and 7-7.x (before 7-7.2-20151119.0) as packaged before RHEV-H 3.5.6. The underlying issue occurs when VSDM runs with -spice disable-ticketing and a VM is suspended and t...

7.5CVSS7.6AI score0.01462EPSS
CVE
CVE
added 2018/06/19 1:0 p.m.87 views

CVE-2018-1117

CVE-2018-1117 affects ovirt-ansible-roles prior to 1.0.6. The issue comes from a missing no_log directive, causing admin passwords to be disclosed in the provisioning log when adding an oVirt provider to ManageIQ/CloudForms. Impact is information disclosure with potential privilege escalation in ...

9.8CVSS9.3AI score0.01424EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.80 views

CVE-2013-2152

The CVE-2013-2152 entry describes an Unquoted Windows search path vulnerability in the SPICE service used by Red Hat Enterprise Virtualization (RHEV) 3.2, enabling local privilege escalation via a crafted executable in an unquoted path. This is caused by unquoted search paths in the SPICE service...

7.2CVSS8.7AI score0.00414EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.79 views

CVE-2010-0429

CVE-2010-0429 concerns the libspice component of QEMU-KVM used by Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0. The vulnerability arises from not properly restricting addresses for memory-management actions, allowing a privileged guest user to cause a guest crash (denial of servi...

6.6CVSS7.5AI score0.00311EPSS
CVE
CVE
added 2013/08/19 11:0 p.m.77 views

CVE-2013-0167

CVE-2013-0167 affects Red Hat Enterprise Virtualization Hypervisor’s VDSM: when processing guestInfo dictionaries, unexpected fields can be exploited by a privileged guest to render the host unavailable to the management server. The issue is addressed in Red Hat advisories RHSA-2013:0886 (vdsm se...

2.7CVSS7.2AI score0.00562EPSS
CVE
CVE
added 2013/08/19 11:0 p.m.76 views

CVE-2013-4236

CVE-2013-4236 affects VDSM in Red Hat Enterprise Virtualization 3 and 3.2. The issue stems from an incomplete fix for CVE-2013-0167 and can allow a privileged guest user to make the host running the guest unavailable to the management server via invalid XML characters in a guest agent response. P...

2.7CVSS7.3AI score0.00557EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.75 views

CVE-2010-0431

CVE-2010-0431 affects QEMU-KVM (RHEV/kvm) where the host did not fully validate guest QXL driver pointers, enabling a privileged guest? user to crash the host (denial of service) or potentially escalate privileges. Public data show Red Hat/RHEV hypervisor updates (RHSA-2010-0622) and KVM updates ...

6.6CVSS7.5AI score0.00314EPSS
CVE
CVE
added 2018/07/27 6:0 p.m.75 views

CVE-2017-2614

The CVE-2017-2614 issue affects ovirt-engine-extension-aaa-jdbc and the ovirt-aaa-jdbc-tool prior to 1.1.3. The root cause is that the tool fails to correctly verify the current password when it is expired during password updates in the rhvm database, allowing an attacker with access to change su...

6.8CVSS6.2AI score0.0028EPSS
CVE
CVE
added 2016/12/14 6:0 p.m.74 views

CVE-2016-4443

The CVE-2016-4443 issue affects Red Hat Virtualization Manager (RHEV/RHV) 3.6. A local attacker could read the engine-setup log file and obtain sensitive data, including encryption keys and certificates, due to improper logging of setup results. The root cause is leakage of confidential informati...

5.5CVSS5.1AI score0.00235EPSS
CVE
CVE
added 2018/04/26 5:0 p.m.73 views

CVE-2018-1074

CVE-2018-1074 affects ovirt-engine API and administration web portal before versions 4.2.2.5 and 4.1.11.2, exposing Power Management credentials (cleartext passwords) to Host Administrators who control the hosts. This could allow escalation to power-management systems. Connected sources confirm t...

7.7CVSS7AI score0.01496EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.72 views

CVE-2010-2811

CVE-2010-2811 affects Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2. Root cause: VDSM does not properly accept TCP connections for SSL sessions, enabling remote attackers to cause a denial-of-service (daemon outage) via crafted SSL traffic. Public reference...

5.7CVSS7.3AI score0.00995EPSS
CVE
CVE
added 2016/10/03 6:0 p.m.71 views

CVE-2016-5432

CVE-2016-5432 affects the ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0. The root cause is that authentication details used with --provision*db outputs were not properly sanitized before being written to log files, potentially exposing sensitive informati...

3.3CVSS3.5AI score0.00346EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.70 views

CVE-2010-0428

The CVE-2010-0428 issue affects the libspice component of QEMU-KVM used by the host in Red Hat Enterprise Virtualization Hypervisor (rhev-hypervisor) and qspice 0.3.0. It stems from inadequate validation of guest QXL driver pointers, which can allow a privileged guest user to crash the host (deni...

6.6CVSS7.5AI score0.00311EPSS
CVE
CVE
added 2015/09/08 3:0 p.m.70 views

CVE-2015-1841

CVE-2015-1841 affects Red Hat Enterprise Virtualization Manager (RHEV-M) Web Admin interface: an idle timeout bypass allows a local user to access the web interface after selecting a VM in the VM grid view. Root cause is the web admin’s timeout not logging out when a VM is selected. The vulnerabi...

3.7CVSS6.4AI score0.00325EPSS
CVE
CVE
added 2017/04/20 5:0 p.m.70 views

CVE-2016-6338

The CVE-2016-6338 issue affects ovirt-engine-webadmin (used by Red Hat Enterprise Virtualization Manager, RHEV-M, and RHEV-M 4.0). Root cause: webadmin session timeouts not properly enforced, enabling bypass via UI-driven actions that trigger repeating queries. Impact: potential session hijack/by...

6.8CVSS6.5AI score0.00519EPSS
CVE
CVE
added 2010/08/24 5:0 p.m.69 views

CVE-2010-2784

CVE-2010-2784 affects QEMU-KVM (as used by Red Hat Enterprise Virtualization Hypervisor and KVM) where the subpage MMIO initialization did not properly select the index to access the callback array. This flaw could allow a privileged guest user to crash the guest (denial of service) or, potential...

6.6CVSS7.6AI score0.00278EPSS
CVE
CVE
added 2013/09/16 7:0 p.m.64 views

CVE-2013-4181

CVE-2013-4181 is a reflected cross-site scripting (XSS) vulnerability in the addAlert function of the RedirectServlet used by oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) in Red Hat Enterprise Virtualization 3 and 3.2. The issue allows an attacker to cause the user’s browse...

4.3CVSS5.8AI score0.01412EPSS
CVE
CVE
added 2014/08/06 7:0 p.m.64 views

CVE-2014-3559

The CVE affects Red Hat Enterprise Virtualization (oVirt storage backend). Root cause: memory snapshots are not wiped on VM deletion, even with wipe-after-delete enabled, allowing remote authenticated users to read portions of a VM’s memory from an uninitialized storage volume. Impact per provide...

3.5CVSS6AI score0.01443EPSS
CVE
CVE
added 2014/12/05 4:0 p.m.64 views

CVE-2014-3561

The CVE-2014-3561 issue affects Red Hat Enterprise Virtualization 3.4 via the rhevm-log-collector. The root cause is that rhevm-log-collector passes the PostgreSQL database password on the command line when invoking sosreport, enabling a local attacker to read the password by listing processes. T...

2.1CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2013/08/28 5:0 p.m.63 views

CVE-2013-2176

CVE-2013-2176 is an unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) installed via rhev-guest-tools-iso (v3.2). The unquoted path could allow a local, unprivileged user to have a Trojan horse binary executed with SYSTEM p...

7.2CVSS8.7AI score0.00461EPSS
CVE
CVE
added 2014/07/11 2:0 p.m.58 views

CVE-2014-3485

The CVE-2014-3485 issue affects oVirt’s ovirt-engine REST API (RHEV/RHEVM 3.4). Affected component: REST API handling within the ovirt-engine/JBoss server. Root cause: XML External Entity (XXE) processing flaw in XML API calls. Impact: remote authenticated users could read arbitrary files accessi...

4CVSS6.6AI score0.01483EPSS
CVE
CVE
added 2019/11/04 6:50 p.m.57 views

CVE-2013-4280

CVE-2013-4280 affects RedHat vsdm 4.9.6 with an insecure temporary file vulnerability. The vulnerability’s impact is limited to integrity (I:H) with no confidentiality or availability impact per CVSS. It is a local-attack, low-complexity issue without required user interaction. Connected Nessus d...

5.5CVSS5.5AI score0.00422EPSS
CVE
CVE
added 2019/11/13 4:11 p.m.55 views

CVE-2014-8167

CVE-2014-8167 affects vdsm and vdsclient; the root cause is missing hostname validation when communicating with another vdsm, which could allow a man-in-the-middle attack. The connected sources confirm the vulnerable component and the behavioral flaw, but do not provide a patch version or mitigat...

5.9CVSS5.7AI score0.00726EPSS
CVE
CVE
added 2017/08/22 6:0 p.m.52 views

CVE-2016-6310

CVE-2016-6310 affects oVirt Engine (RHEV before 4.0). The vulnerability involves a information disclosure where ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD is exposed in /var/log/ovirt-engine/engine.log. The connected sources confirm the issue without detailing exploitation steps, affected versions bey...

5.5CVSS5.5AI score0.00358EPSS