Lucene search
K
RedhatEnterprise Virtualization Manager

19 matches found

cve
cve
added 2018/05/08 6:0 p.m.500 views

CVE-2018-8897

CVE-2018-8897 covers a Linux kernel issue where a mishandled debug exception after MOV SS/POP SS can lead to a local privilege escalation or kernel crash. The vulnerability arises from how the kernel handles stack-switch sequencing and interrupts, potentially enabling privilege escalation in some...

7.8CVSS6.8AI score0.18696EPSS
cve
cve
added 2019/11/09 2:32 a.m.194 views

CVE-2009-3552

In RHEV-M VDC 2.2.0, the SSL certificate validation was not performed when using the client-side Red Hat Enterprise Virtualization Manager interface (a WPF-based browser app) to connect to the manager. This allows a local-network attacker to conduct a man-in-the-middle, potentially fooling users ...

3.1CVSS3.9AI score0.00353EPSS
cve
cve
added 2018/06/26 6:0 p.m.73 views

CVE-2018-1072

CVE-2018-1072 affects ovirt-engine prior to 4.2.2, where engine-backup logging could expose database credentials. The root cause is unfiltered passwords being written to provisioning logs when using --provision*db, leading to potential disclosure of usernames and passwords via shared logs. Public...

9.8CVSS9.3AI score0.00994EPSS
cve
cve
added 2013/01/04 10:0 p.m.70 views

CVE-2011-4316

CVE-2011-4316 affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1. The vulnerability arises because the desktop screen is not locked between SPICE sessions under certain conditions, enabling a local user with VM access to view or switch to other users’ desktop sessions via uns...

3.7CVSS6.6AI score0.00332EPSS
cve
cve
added 2013/01/04 10:0 p.m.65 views

CVE-2012-0861

The CVE-2012-0861 issue affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to version 3.1. During host addition, the vds_installer downloads deployUtil.py and vds_bootstrap.py with curl -k, skipping SSL certificate validation. This MITM condition lets an attacker on the local networ...

6.8CVSS7.5AI score0.00895EPSS
cve
cve
added 2013/07/03 6:0 p.m.63 views

CVE-2013-2144

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 is affected. The issue is inadequate permission checks on the target storage domain when cloning a VM from a snapshot, which can allow an attacker to cause a denial of service via disk space exhaustion on the target domain. Remediation ...

5CVSS6.7AI score0.01244EPSS
cve
cve
added 2013/01/04 10:0 p.m.62 views

CVE-2012-0860

Concrete details found: CVE-2012-0860 affects Red Hat Enterprise Virtualization Manager (RHEV-M) up to version 3.1. The root cause is that Python configuration scripts (deployUtil.py or vds_bootstrap.py) stored in /tmp/ could be pre-created by a local unprivileged user during host addition, allow...

6.2CVSS6.7AI score0.004EPSS
cve
cve
added 2013/01/04 10:0 p.m.59 views

CVE-2012-2696

CVE-2012-2696 is a privilege-check flaw in the Red Hat Enterprise Virtualization Manager (RHEV-M) backend before 3.1. An authenticated attacker could issue queries against the RHEV-M SOAP or GWT APIs and read data they should not access, indicating an authorisation bypass in the back end. Connect...

2.7CVSS6.3AI score0.00784EPSS
cve
cve
added 2017/09/25 9:0 p.m.56 views

CVE-2015-7544

CVE-2015-7544 affects the redhat-support-plugin-rhev component in Red Hat Enterprise Virtualization Manager (RHEV Manager). The root cause is that the log viewer passed a user-specified path/filename directly to the command line, enabling remote authenticated users with the SuperUser role on any ...

9.1CVSS9.2AI score0.03438EPSS
cve
cve
added 2013/03/12 10:0 p.m.55 views

CVE-2013-0168

CVE-2013-0168 affects Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier. The MoveDisk command fails to properly enforce permissions on storage domains, allowing a privileged storage-domain admin to cause denial of service by consuming free space on other storage domains. The issu...

4CVSS6.5AI score0.01919EPSS
cve
cve
added 2015/05/01 3:0 p.m.55 views

CVE-2015-0257

CVE-2015-0257 affects Red Hat Enterprise Virtualization (RHEV) Manager (3.5.0 prior to 3.5.1). The vulnerability arises from weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, enabling a local user to read files in the directory and po...

2.1CVSS6AI score0.00383EPSS
cve
cve
added 2010/12/08 5:0 p.m.54 views

CVE-2010-2793

CVE-2010-2793 describes a race-condition in the SPICE plug-in for Internet Explorer used by Red Hat Enterprise Virtualization Manager (RHEV) prior to 2.2.4. The flaw lets a local attacker potentially gain privileges by exploiting knowledge of a specific named pipe and using ImpersonateNamedPipeCl...

6.8CVSS6.6AI score0.01038EPSS
cve
cve
added 2013/03/12 10:0 p.m.54 views

CVE-2012-6115

CVE-2012-6115 affects Red Hat Enterprise Virtualization Manager (RHEV-M) domain management tool: when using rhevm-manage-domains -action=validate on RHEV-M 3.1 and earlier, the administrative password is logged to a world-readable log file. This enables a local attacker to obtain sensitive inform...

2.1CVSS6AI score0.00371EPSS
cve
cve
added 2014/01/24 6:0 p.m.53 views

CVE-2013-6434

The CVE-2013-6434 issue affects Red Hat Enterprise Virtualization Manager (RHEV‑M) versions prior to 3.3, where the remote-viewer using a native SPICE client invocation initially makes insecure connections to the SPICE server. The underlying cause is how RHEV‑M relays SPICE connection information...

4.3CVSS6.5AI score0.00968EPSS
cve
cve
added 2015/05/01 3:0 p.m.52 views

CVE-2015-0237

Summary: Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.5.1 is affected by CVE-2015-0237 due to the system ignoring the permission to deny snapshot creation during live storage migration between storage domains. Root cause: permission to deny snapshot creation was ignored, enabling...

6.8CVSS6.4AI score0.01591EPSS
cve
cve
added 2013/01/04 10:0 p.m.51 views

CVE-2012-5516

The CVE-2012-5516 issue affects Red Hat Enterprise Virtualization Manager (RHEV-M) around version 3.1, where moving disks between storage domains fails to properly wipe-after-delete. The underlying effect is potential information disclosure from disks not securely deleted, exploitable by a local ...

2.1CVSS6AI score0.00352EPSS
cve
cve
added 2014/10/18 12:0 a.m.49 views

CVE-2014-3573

CVE-2014-3573 affects the oVirt Engine back end module used in Red Hat Enterprise Virtualization Manager prior to 3.4.2. The issue arises from an insecure DocumentBuilderFactory when loading XML/RSDL documents, enabling XML External Entity (XXE) attacks that could allow a remote attacker to read ...

6.5CVSS7.3AI score0.01762EPSS
cve
cve
added 2017/08/24 8:0 p.m.49 views

CVE-2015-5293

CVE-2015-5293 affects Red Hat Enterprise Virtualization Manager (RHEV) 3.6 and earlier. The issue arises when boot protocol is set to None, causing interfaces to receive valid SLAAC IPv6 addresses, which may enable remote attackers to communicate with a system that should be unreachable. The prov...

5.9CVSS5.8AI score0.01885EPSS
cve
cve
added 2010/06/24 5:0 p.m.45 views

CVE-2010-2224

CVE-2010-2224 affects Red Hat Enterprise Virtualization Manager (RHEV-M) prior to version 2.2. The issue is that the snapshot merging function does not properly pass the postzero parameter during operations on deleted volumes, which can allow a guest OS to read (inspecting) disk blocks belonging ...

2.1CVSS6.1AI score0.00327EPSS