Product:

Enterprise_virtualization

(Redhat)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 36
Date Id Summary Products Score Patch Annotated
2018-07-27 CVE-2017-2614 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. Enterprise_virtualization 6.3
2017-08-22 CVE-2016-6310 oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. Enterprise_virtualization 5.5
2015-09-08 CVE-2015-1841 The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. Enterprise_virtualization N/A
2014-08-03 CVE-2014-5177 libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10)... Opensuse, Enterprise_linux, Enterprise_virtualization, Libvirt N/A
2013-08-28 CVE-2013-2176 Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. Enterprise_virtualization N/A
2014-01-21 CVE-2013-2152 Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. Enterprise_virtualization N/A
2013-08-19 CVE-2013-0167 VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." Enterprise_virtualization N/A
2014-02-10 CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different... Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization N/A
2014-02-10 CVE-2012-3405 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization N/A
2014-02-10 CVE-2012-3404 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization N/A