Vdsm
by Ovirt
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3706 | | Med | 0.38 | 5.9 | 0.01 | | Oct 18, 2017 | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. |
| CVE-2022-0207 | | | 0.00 | — | 0.00 | | Aug 26, 2022 | A race condition was found in vdsm, in the functionality that obfuscates sensitive values in log files, which may lead to values being stored in clear text. |
| CVE-2014-8167 | | | 0.00 | — | 0.01 | | Nov 13, 2019 | vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack. |
| CVE-2019-3831 | | | 0.00 | — | 0.01 | | Mar 25, 2019 | A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root. |
| CVE-2018-10908 | | | 0.00 | — | 0.01 | | Aug 9, 2018 | It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service… |
| CVE-2014-7968 | | | 0.00 | — | 0.02 | | Oct 22, 2014 | VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. |
| CVE-2013-4236 | | | 0.00 | — | 0.01 | | Aug 19, 2013 | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. |
| CVE-2013-0167 | | | 0.00 | — | 0.01 | | Aug 19, 2013 | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via guestInfo dictionaries with "unexpected fields." |