VYPR

Enterprise Virtualization

by Red Hat

CVEs (51)

  • CVE-2013-1591 | Critical | Jan 31, 2013
    risk 0.64 | cvss 9.8 | epss 0.04

    Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in…

  • CVE-2015-7544 | Critical | Sep 25, 2017
    risk 0.59 | cvss 9.1 | epss 0.03

    redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

  • CVE-2014-8170 | High | Sep 26, 2017
    risk 0.57 | cvss 8.8 | epss 0.04

    ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to…

  • CVE-2016-6338 | Medium | Apr 20, 2017
    risk 0.44 | cvss 6.8 | epss 0.01

    ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

  • CVE-2015-5293 | Medium | Aug 24, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

  • CVE-2016-6310 | Medium | Aug 22, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.

  • CVE-2016-4443 | Medium | Dec 14, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

  • CVE-2016-5432 | Low | Oct 3, 2016
    risk 0.21 | cvss 3.3 | epss 0.00

    The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

  • CVE-2015-3456 | May 13, 2015
    risk 0.04 | cvss | epss 0.15

    The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND,…

  • CVE-2015-5201 | Feb 25, 2020
    risk 0.00 | cvss | epss 0.01

    VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VDSM is run with -spice disable-ticketing and a VM is suspended and…

  • CVE-2009-3552 | Nov 9, 2019
    risk 0.00 | cvss | epss 0.00

    In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization…

  • CVE-2015-1841 | Sep 8, 2015
    risk 0.00 | cvss | epss 0.00

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

  • CVE-2015-0257 | May 1, 2015
    risk 0.00 | cvss | epss 0.00

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

  • CVE-2015-0237 | May 1, 2015
    risk 0.00 | cvss | epss 0.02

    Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot…

  • CVE-2014-3561 | Dec 5, 2014
    risk 0.00 | cvss | epss 0.00

    The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

  • CVE-2014-3573 | Oct 18, 2014
    risk 0.00 | cvss | epss 0.02

    The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related…

  • CVE-2014-3559 | Aug 6, 2014
    risk 0.00 | cvss | epss 0.01

    The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the…

  • CVE-2014-5177 | Aug 3, 2014
    risk 0.00 | cvss | epss 0.01

    libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2)…

  • CVE-2014-0179 | Aug 3, 2014
    risk 0.00 | cvss | epss 0.01

    libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2)…

  • CVE-2014-3485 | Jul 11, 2014
    risk 0.00 | cvss | epss 0.01

    The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

Page 1 of 3