Redhat Enterprise Virtualization Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Virtualization Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2015-7544 — CVSS 9.1 (critical): redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users…
CVE-2018-8897 — CVSS 7.8 (high): A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the…
CVE-2010-2793 — CVSS 6.8 (medium): Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before…
CVE-2015-0237 — CVSS 6.8 (medium): Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage…
CVE-2012-0861 — CVSS 6.8 (medium): The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when…
CVE-2014-3573 — CVSS 6.5 (medium): The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure…
CVE-2012-0860 — CVSS 6.2 (medium): Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow…
CVE-2015-5293 — CVSS 5.9 (medium): Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to…
CVE-2013-2144 — CVSS 5.0 (medium): Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which…
CVE-2018-1072 — CVSS 5.0 (medium): ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of…
CVE-2013-6434 — CVSS 4.3 (medium): The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method…
CVE-2013-0168 — CVSS 4.0 (medium): The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage…
CVE-2011-4316 — CVSS 3.7 (low): Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between…
CVE-2009-3552 — CVSS 3.1 (low): In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization…
CVE-2012-2696 — CVSS 2.7 (low): The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote…
CVE-2010-2224 — CVSS 2.1 (low): The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero…
CVE-2012-5516 — CVSS 2.1 (low): Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly…
CVE-2012-6115 — CVSS 2.1 (low): The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate…
CVE-2015-0257 — CVSS 2.1 (low): Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd…