Note:
This project will be discontinued after December 13, 2021.
Product: Enterprise_virtualization_manager (Redhat)

Repositories | https://github.com/torvalds/linux |
#Vulnerabilities | 19 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-06-26 | CVE-2018-1072 | ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | Ovirt, Enterprise_virtualization_manager | 9.8 | ||
2018-05-08 | CVE-2018-8897 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs),... | Mac_os_x, Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Enterprise_linux_server, Enterprise_linux_workstation, Enterprise_virtualization_manager, Diskstation_manager, Skynas, Xen | 7.8 | ||
2017-08-24 | CVE-2015-5293 | Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | Enterprise_virtualization_manager | 5.9 | ||
2013-07-03 | CVE-2013-2144 | Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | Enterprise_virtualization_manager | N/A | ||
2013-03-12 | CVE-2013-0168 | The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | Enterprise_virtualization_manager | N/A | ||
2013-01-04 | CVE-2012-5516 | Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | Enterprise_virtualization_manager | N/A | ||
2013-01-04 | CVE-2012-2696 | The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | Enterprise_virtualization_manager | N/A | ||
2013-01-04 | CVE-2011-4316 | Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | Enterprise_virtualization_manager | N/A | ||
2010-12-08 | CVE-2010-2793 | Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | Enterprise_virtualization_manager, Spice-Activex | N/A | ||
2010-06-24 | CVE-2010-2224 | The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | Enterprise_virtualization_manager | N/A | ||