Skip to main content

Virtualization Manager

12 CVEs product

Monthly

CVE-2019-11135 MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora Slackware Apollo 4200 Firmware +156
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-10744 LIB CRITICAL POC PATCH Act Now

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Lodash Active Iq Unified Manager Service Level Manager +18
NVD
CVSS 3.1
9.1
EPSS
5.0%
CVE-2019-10194 MEDIUM This Month

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ovirt Virtualization Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2019-8331 LIB MEDIUM PATCH This Month

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bootstrap Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +12
NVD GitHub
CVSS 3.1
6.1
EPSS
16.9%
CVE-2018-17963 CRITICAL PATCH Act Now

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Qemu Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-17958 HIGH PATCH This Week

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Qemu Ubuntu Linux Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-3639 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 +278
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
46.0%
Threat
4.0
CVE-2018-1059 MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage Enterprise Linux Fast Datapath Openshift +5
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-9214 CRITICAL PATCH Act Now

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Openvswitch Debian Linux Openstack +2
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2016-5709 MEDIUM This Month

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Virtualization Manager
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-3642 CRITICAL POC THREAT Emergency

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Information Disclosure Java Apache Virtualization Manager
NVD
CVSS 3.0
9.8
EPSS
22.4%
Threat
4.1
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora +158
NVD VulDB
EPSS 5% CVSS 9.1
CRITICAL POC PATCH Act Now

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Lodash +20
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ovirt Virtualization Manager
NVD
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 17% CVSS 6.1
MEDIUM PATCH This Month

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bootstrap Big Ip Access Policy Manager +14
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Qemu +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Qemu +4
NVD
EPSS 46% 4.0 CVSS 5.5
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E +280
NVD Exploit-DB VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage +7
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Openvswitch +4
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Virtualization Manager
NVD
EPSS 22% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Information Disclosure Java Apache +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy