Enterprise Virtualization@3.4 Security Vulnerabilities and Issues — Enterprise Virtualization@3.4 CVE List

Lucene search

RedhatEnterprise Virtualization3.4

3 matches found

CVE•added 2014/08/06 7:55 p.m.•45 views

CVE-2014-3559

The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and o...

3.5CVSS6AI score0.00273EPSS

CVE•added 2014/12/05 4:59 p.m.•41 views

CVE-2014-3561

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

2.1CVSS6.1AI score0.00061EPSS

CVE•added 2014/07/11 2:55 p.m.•40 views

CVE-2014-3485

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

4CVSS6.6AI score0.00267EPSS