Skip to main content

Enterprise Virtualization Manager

15 CVEs product

Monthly

CVE-2018-1072 CRITICAL Act Now

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Enterprise Virtualization Manager
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-8897 HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux Race Condition Intel +12
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
18.7%
CVE-2015-7544 CRITICAL Act Now

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2015-5293 MEDIUM This Month

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat Enterprise Virtualization Manager
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-0257 LOW Monitor

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2015-0237 MEDIUM This Month

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3573 MEDIUM This Month

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-6434 MEDIUM This Month

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2144 MEDIUM This Month

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0168 MEDIUM This Month

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Virtualization Manager
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-6115 LOW Monitor

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5516 LOW Monitor

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-2696 LOW Monitor

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2012-0861 MEDIUM This Month

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents. Rated medium severity (CVSS 6.8). No vendor patch available.

Python Red Hat RCE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-0860 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1). Rated medium severity (CVSS 6.2). No vendor patch available.

Python Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 2.0
6.2
EPSS
0.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Enterprise Virtualization Manager
NVD
EPSS 19% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux +14
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.1
CRITICAL Act Now

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
EPSS 0% CVSS 2.7
LOW Monitor

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents. Rated medium severity (CVSS 6.8). No vendor patch available.

Python Red Hat RCE +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1). Rated medium severity (CVSS 6.2). No vendor patch available.

Python Red Hat Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy