Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Virtualization
Subscriptions
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2176 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2025-04-11 | N/A |
| Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | ||||
| CVE-2013-4236 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager | 2025-04-11 | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | ||||
| CVE-2013-4282 | 2 Redhat, Spice Project | 3 Enterprise Linux, Enterprise Virtualization, Spice | 2025-04-11 | N/A |
| Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. | ||||
| CVE-2010-0431 | 1 Redhat | 4 Enterprise Linux, Enterprise Virtualization, Kvm and 1 more | 2025-04-11 | N/A |
| QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2010-0435 | 1 Redhat | 4 Enterprise Linux, Enterprise Virtualization, Kvm and 1 more | 2025-04-11 | N/A |
| The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | ||||
| CVE-2010-0428 | 1 Redhat | 4 Enterprise Linux, Enterprise Virtualization, Qspice and 1 more | 2025-04-11 | N/A |
| libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2010-0429 | 1 Redhat | 4 Enterprise Linux, Enterprise Virtualization, Qspice and 1 more | 2025-04-11 | N/A |
| libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2010-2784 | 1 Redhat | 4 Enterprise Linux, Enterprise Virtualization, Kvm and 1 more | 2025-04-11 | N/A |
| The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | ||||
| CVE-2010-2811 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization | 2025-04-11 | N/A |
| Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic. | ||||
| CVE-2008-3522 | 2 Jasper Project, Redhat | 3 Jasper, Enterprise Virtualization, Rhev Manager | 2025-04-09 | N/A |
| Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. | ||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | ||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 11 Fedora, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | N/A |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | ||||
| CVE-2018-1074 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
| ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | ||||
| CVE-2017-2614 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
| When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. | ||||
| CVE-2015-5201 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2024-11-21 | 7.5 High |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | ||||
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 5.9 Medium |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | ||||
| CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2024-11-21 | 5.5 Medium |
| Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | ||||