Lucene search
K
RedhatVirtualization

128 matches found

CVE
CVE
added 2016/05/25 3:0 p.m.120 views

CVE-2016-4020

CVE-2016-4020 : In QEMU, the patch_instruction function in hw/i386/kvmvapic.c fails to initialize imm32, enabling a local guest OS administrator to leak host stack memory via the Task Priority Register (TPR). Several advisories (Debian DLA-574-1, CentOS/CESA-2017:1856, Gentoo GLSA-201609-01) docu...

6.5CVSS6.4AI score0.00372EPSS
CVE
CVE
added 2017/07/25 2:0 p.m.119 views

CVE-2017-7980

CVE-2017-7980 detailed : A heap-based buffer overflow in QEMU’s Cirrus CLGD 54xx VGA Emulator (Cirrus CLGD 54xx) used with Quick Emulator/ QEMU up to version 2.8 enables a local privileged guest to execute arbitrary code or cause a denial of service by exploiting a vulnerability when a VNC client...

7.8CVSS7.2AI score0.00625EPSS
CVE
CVE
added 2009/10/20 5:0 p.m.118 views

CVE-2009-2910

CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...

2.1CVSS5.9AI score0.00414EPSS
CVE
CVE
added 2020/02/11 3:35 p.m.116 views

CVE-2013-4535

QEMU's virtqueue_map_sg in hw/virtio/virtio.c (affected: before 1.7.2) allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. Root cause is in virtqueue handling; impact is arbitrary code execution with local access. Remediati...

8.8CVSS8.4AI score0.00957EPSS
CVE
CVE
added 2013/02/13 1:0 a.m.115 views

CVE-2012-6075

CVE-2012-6075 is a buffer overflow in the e1000_receive function of the e1000 device driver (hw/e1000.c) used by QEMU 1.3.0-rc2 and related versions when SBP and LPE flags are disabled. The vulnerability could allow a remote attacker to crash the guest OS or potentially execute arbitrary code ins...

9.3CVSS7.8AI score0.04904EPSS
CVE
CVE
added 2020/02/11 2:13 a.m.110 views

CVE-2014-0144

CVE-2014-0144 affects QEMU before 2.0.0: block drivers for CLOOP, QCOW2 v2, and other image formats are vulnerable due to missing input validations that can cause memory corruption, integer/buffer overflows, or crashes. An attacker could potentially execute arbitrary code on the host with QEMU pr...

8.6CVSS7.2AI score0.01002EPSS
CVE
CVE
added 2009/11/16 7:0 p.m.108 views

CVE-2009-3939

CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...

7.1CVSS6.4AI score0.00444EPSS
CVE
CVE
added 2018/08/20 9:0 p.m.107 views

CVE-2015-5160

CVE-2015-5160 affects libvirt before 2.2, where Ceph credentials used on the qemu command line for RADOS Block Device (RBD) can be exposed to local users via a process listing. Impact is local information disclosure of Ceph credentials. Affected component: libvirt (libvirtd) with RBD usage; root ...

5.5CVSS5.8AI score0.0041EPSS
CVE
CVE
added 2016/12/10 12:0 a.m.107 views

CVE-2016-6835

CVE-2016-6835 — QEMU vmxnet_tx_pkt_parse_headers vulnerability in hw/net/vmxnet_tx_pkt.c allows a local guest OS administrator to trigger a denial of service via a buffer over-read caused by failing to check the IP header length. This is a local, attacker-privileged issue inside the guest, with p...

6CVSS6.5AI score0.00392EPSS
CVE
CVE
added 2016/12/10 12:0 a.m.107 views

CVE-2016-6888

CVE-2016-6888 in QEMU (net_tx_pkt_init in hw/net/net_tx_pkt.c) has an integer overflow when handling the maximum fragmentation count, triggering an unchecked multiplication and a NULL pointer dereference. This allows a local privileged user/guest to cause a denial of service (QEMU process crash)....

4.4CVSS6.1AI score0.00381EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.104 views

CVE-2014-3468

The CVE concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...

7.5CVSS5.8AI score0.03789EPSS
CVE
CVE
added 2022/08/26 5:25 p.m.104 views

CVE-2022-0207

Summary: CVE-2022-0207 affects the vdsm component used in oVirt/Red Hat Virtualization. A race condition in the functionality that obfuscates sensitive values in logs may cause sensitive data to be stored in clear text. Impact (as stated): exposure of sensitive values via log files. Affected soft...

4.7CVSS4.5AI score0.00186EPSS
CVE
CVE
added 2016/12/10 12:0 a.m.102 views

CVE-2016-7422

CVE-2016-7422 affects QEMU’s virtio/virtio.c: virtqueue_map_desc allows a local guest OS administrator to trigger a NULL pointer dereference by using a large I/O descriptor buffer length, leading to QEMU process crash. Remediation in connected docs shows fixes via rebases to QEMU 2.9.0 (RHSA-2017...

6CVSS5AI score0.00364EPSS
CVE
CVE
added 2016/12/10 12:0 a.m.102 views

CVE-2016-7466

CVE-2016-7466 is a memory-leak denial-of-service issue in QEMU’s USB xHCI emulation when MSI-X is used. The usb_xhci_exit path can leak memory during repeated USB unplug actions, allowing a local privileged user (guest) to exhaust host memory or crash the QEMU process. Public details confirm the ...

6CVSS5.4AI score0.00421EPSS
CVE
CVE
added 2018/07/26 2:0 p.m.101 views

CVE-2016-8647

CVE-2016-8647 affects Ansible’s mysql_user module before 2.2.1.0. The issue is an input validation vulnerability that may fail to correctly change a password, leaving the previous password active. The provided documents do not specify exploit details, affected versions beyond the stated pre-2.2.1...

4.9CVSS5.8AI score0.01428EPSS
CVE
CVE
added 2014/06/05 8:0 p.m.98 views

CVE-2014-3469

CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...

5CVSS5.6AI score0.03817EPSS
CVE
CVE
added 2020/02/11 3:30 a.m.97 views

CVE-2014-0147

CVE-2014-0147 affects QEMU before 1.6.2, where a logic error with signed data types during QCOW2 snapshot creation (impacting QCOW2 and disk image formats used by Bochs) can cause a crash by incorrectly calling update_refcount(). Root cause is a signed data type/logical error in snapshot handling...

6.2CVSS6.5AI score0.00329EPSS
CVE
CVE
added 2017/05/23 5:0 p.m.94 views

CVE-2017-9214

Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...

9.8CVSS9.3AI score0.02887EPSS
CVE
CVE
added 2018/08/09 7:0 p.m.90 views

CVE-2018-10908

CVE-2018-10908 affects vdsm prior to 4.20.37. The issue arises when vdsm invokes qemu-img on untrusted inputs without limiting resources, enabling an attacker to cause unbounded memory/CPU usage and a denial of service affecting other host users. Documented impact: local access required; CVSS vec...

7.1CVSS6.2AI score0.01185EPSS
CVE
CVE
added 2018/07/26 2:0 p.m.88 views

CVE-2017-7539

CVE-2017-7539 affects QEMU’s NBD server: an assertion-failure during initial connection negotiation can crash qemu-nbd, enabling a remote DoS. Affected product: QEMU/NBD server prior to 2.10.1. Root cause: I/O coroutine in the initial negotiation is undefined. Impact: Denial of service via server...

7.5CVSS7.1AI score0.05529EPSS
CVE
CVE
added 2020/02/11 3:43 a.m.87 views

CVE-2014-0148

CVE-2014-0148 affects QEMU before 2.0, specifically the block driver for Hyper-V VHDX images. The issue arises from missing bounds checks for block_size and logical_sector_size when deriving BAT-related fields, enabling a local user who can modify a disk image to crash the QEMU guest (DoS). Publi...

5.5CVSS6.5AI score0.00304EPSS
CVE
CVE
added 2018/07/27 4:0 p.m.87 views

CVE-2017-15113

CVE-2017-15113 affects ovirt-engine (Red Hat Virtualization Manager) prior to version 4.1.7.6, where DEBUG logging exposes passwords in plaintext in log files. The issue arises because log level DEBUG can reveal sensitive credentials, and only admins can change log level/access logs; this creates...

7.2CVSS6.3AI score0.01164EPSS
CVE
CVE
added 2020/12/21 4:22 p.m.85 views

CVE-2020-35497

CVE-2020-35497 affects ovirt-engine (Red Hat Virtualization Manager)

6.5CVSS6.2AI score0.00754EPSS
CVE
CVE
added 2010/01/27 5:0 p.m.84 views

CVE-2009-4272

CVE-2009-4272 relates to a Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on RHEL 5. It enables remote attackers to cause a denial of service (deadlock) by sending crafted packets that trigger collisions in the IPv4 routing hash table, prompting a routing “emergency” with a hash ch...

7.8CVSS6.9AI score0.11051EPSS
CVE
CVE
added 2018/06/19 12:0 p.m.80 views

CVE-2018-1073

CVE-2018-1073 affects the oVirt-engine web console login form, where versions before 4.2.3 reveal different errors for non-existent users vs. invalid passwords, enabling attacker user enumeration. The issue is documented in Red Hat RHSA-2018:1525 and related advisories, with remediation via the a...

5.3CVSS5.5AI score0.01908EPSS
CVE
CVE
added 2022/10/19 12:0 a.m.80 views

CVE-2022-2805

The CVE-2022-2805 entry concerns the ovirt-engine component where plaintext passwords are logged when using otapi-style, enabling a sufficiently privileged attacker to read log files and obtain confidential data. Affected product: ovirt-engine (Red Hat Virtualization Manager). Root cause: logging...

6.5CVSS6.1AI score0.00399EPSS
CVE
CVE
added 2019/03/25 6:30 p.m.79 views

CVE-2019-3879

In oVirt, REST API before version 4.3.2.1 allows RemoveDiskCommand to run as an internal command, skipping permission validation and enabling a low-privilege user to delete disks attached to guests. A fix exists in 4.3.2.1 and later; upgrade to that version or apply the relevant Red Hat/oVirt upd...

8.1CVSS7.9AI score0.01864EPSS
CVE
CVE
added 2019/11/22 2:17 p.m.74 views

CVE-2015-1780

CVE-2015-1780 affects oVirt (notably ovirt-engine) where users holding MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center. The connected Nessus entries corroborate an unpatched exposure for this vulnerability, but the provided documents do not include patch versi...

6.5CVSS6.4AI score0.01036EPSS
Total number of security vulnerabilities128