Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_virtualization
(Redhat)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 36 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-27 | CVE-2017-2614 | When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts. | Enterprise_virtualization | 6.3 | ||
2017-08-22 | CVE-2016-6310 | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | Enterprise_virtualization | 5.5 | ||
2015-09-08 | CVE-2015-1841 | The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | Enterprise_virtualization | N/A | ||
2014-08-03 | CVE-2014-5177 | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10)... | Opensuse, Enterprise_linux, Enterprise_virtualization, Libvirt | N/A | ||
2013-08-28 | CVE-2013-2176 | Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | Enterprise_virtualization | N/A | ||
2014-01-21 | CVE-2013-2152 | Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | Enterprise_virtualization | N/A | ||
2013-08-19 | CVE-2013-0167 | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | Enterprise_virtualization | N/A | ||
2014-02-10 | CVE-2012-3406 | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different... | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A | ||
2014-02-10 | CVE-2012-3405 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A | ||
2014-02-10 | CVE-2012-3404 | The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. | Ubuntu_linux, Glibc, Enterprise_linux, Enterprise_virtualization | N/A |