Redhat Enterprise_virtualization
29 CVEs affecting Redhat Enterprise_virtualization. Latest disclosed: 2017-09-26. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2013-1591 | Critical | 9.8 | 2013-01-31 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vec… |
CVE-2014-8170 | High | 8.8 | 2017-09-26 | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization… |
CVE-2016-6338 | Medium | 6.8 | 2017-04-20 | ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to b… |
CVE-2016-6310 | Medium | 5.5 | 2017-08-22 | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. |
CVE-2016-4443 | Medium | 5.5 | 2016-12-14 | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the… |
CVE-2016-5432 | Low | 3.3 | 2016-10-03 | The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning inform… |
CVE-2015-1841 | | 2015-09-08 | The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM gri… | |
CVE-2015-3456 | | 2015-05-13 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write… | |
CVE-2014-3561 | | 2014-12-05 | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, whic… | |
CVE-2014-3559 | | 2014-08-06 | The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is conf… | |
CVE-2014-5177 | | 2014-08-03 | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document co… | |
CVE-2014-0179 | | 2014-08-03 | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML ext… | |
CVE-2014-3485 | | 2014-07-11 | The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files… | |
CVE-2012-3406 | | 2014-02-10 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" th… | |
CVE-2012-3405 | | 2014-02-10 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, whic… | |
CVE-2012-3404 | | 2014-02-10 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, whic… | |
CVE-2013-2152 | | 2014-01-21 | Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges… | |
CVE-2013-2151 | | 2014-01-21 | Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted applicatio… | |
CVE-2013-4282 | | 2013-11-02 | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) vi… | |
CVE-2013-4181 | | 2013-09-16 | Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager… |