Redhat Enterprise Virtualization — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Virtualization, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2008-3522 — CVSS 10.0 (critical): Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers…
CVE-2013-1591 — CVSS 9.8 (critical): Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and…
CVE-2018-1074 — CVSS 7.7 (high): ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management…
CVE-2015-3456 — CVSS 7.7 (high): The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service…
CVE-2018-1111 — CVSS 7.5 (high): DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager…
CVE-2015-5201 — CVSS 7.5 (high): VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before…
CVE-2013-2151 — CVSS 7.2 (high): Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via…
CVE-2013-2176 — CVSS 7.2 (high): Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the…
CVE-2013-2152 — CVSS 7.2 (high): Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local…
CVE-2012-3406 — CVSS 6.8 (medium): The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly…
CVE-2016-6338 — CVSS 6.8 (medium): ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically…
CVE-2017-2614 — CVSS 6.8 (medium): When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password…
CVE-2010-0429 — CVSS 6.6 (medium): libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0…
CVE-2010-0428 — CVSS 6.6 (medium): libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0…
CVE-2010-2784 — CVSS 6.6 (medium): The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka…
CVE-2010-0431 — CVSS 6.6 (medium): QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly…
CVE-2014-8167 — CVSS 5.9 (medium): vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
CVE-2010-2811 — CVSS 5.7 (medium): Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL…
CVE-2016-6310 — CVSS 5.5 (medium): oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
CVE-2016-4443 — CVSS 5.5 (medium): Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive…
CVE-2018-1117 — CVSS 5.0 (medium): ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to…
CVE-2012-3404 — CVSS 5.0 (medium): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a…
CVE-2012-3405 — CVSS 5.0 (medium): The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a…
CVE-2013-4282 — CVSS 5.0 (medium): Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial…
CVE-2010-0435 — CVSS 4.6 (medium): The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled…
CVE-2013-4181 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise…
CVE-2014-3485 — CVSS 4.0 (medium): The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to…
CVE-2015-1841 — CVSS 3.7 (low): The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by…
CVE-2014-3559 — CVSS 3.5 (low): The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when…
CVE-2016-5432 — CVSS 3.3 (low): The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database…
CVE-2013-4236 — CVSS 2.7 (low): VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment…
CVE-2013-0167 — CVSS 2.7 (low): VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment…
CVE-2014-3561 — CVSS 2.1 (low): The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when…
CVE-2014-0179 — CVSS 1.9 (low): libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document…
CVE-2014-5177 — CVSS 1.2 (low): libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a…