VYPR

Manageiq Enterprise Virtualization Manager

by Red Hat

CVEs (17)

  • CVE-2015-7544CriSep 25, 2017
    risk 0.59cvss 9.1epss 0.03

    redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

  • CVE-2016-6338MedApr 20, 2017
    risk 0.44cvss 6.8epss 0.01

    ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.

  • CVE-2015-5293MedAug 24, 2017
    risk 0.39cvss 5.9epss 0.02

    Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.

  • CVE-2013-2050Jan 11, 2014
    risk 0.04cvss epss 0.16

    SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an…

  • CVE-2015-1841Sep 8, 2015
    risk 0.00cvss epss 0.00

    The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.

  • CVE-2014-3573Oct 18, 2014
    risk 0.00cvss epss 0.02

    The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related…

  • CVE-2013-6434Jan 24, 2014
    risk 0.00cvss epss 0.01

    The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

  • CVE-2013-4181Sep 16, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script…

  • CVE-2013-2144Jul 3, 2013
    risk 0.00cvss epss 0.01

    Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.

  • CVE-2013-0168Mar 12, 2013
    risk 0.00cvss epss 0.02

    The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via…

  • CVE-2012-6115Mar 12, 2013
    risk 0.00cvss epss 0.00

    The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information…

  • CVE-2012-5516Jan 4, 2013
    risk 0.00cvss epss 0.00

    Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.

  • CVE-2012-2696Jan 4, 2013
    risk 0.00cvss epss 0.01

    The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.

  • CVE-2012-0861Jan 4, 2013
    risk 0.00cvss epss 0.01

    The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute…

  • CVE-2012-0860Jan 4, 2013
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.

  • CVE-2011-4316Jan 4, 2013
    risk 0.00cvss epss 0.00

    Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified…

  • CVE-2010-2224Jun 24, 2010
    risk 0.00cvss epss 0.00

    The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks…