Total
37 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2151 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
CVE-2012-3404 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Glibc, Enterprise Linux and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. | |||||
CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
CVE-2014-3561 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 2.1 LOW | N/A |
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | |||||
CVE-2013-2176 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | |||||
CVE-2013-4282 | 2 Redhat, Spice Project | 3 Enterprise Linux, Enterprise Virtualization, Spice | 2024-02-28 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. | |||||
CVE-2013-4236 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 2.7 LOW | N/A |
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | |||||
CVE-2013-0167 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 2.7 LOW | N/A |
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | |||||
CVE-2013-4181 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-1591 | 2 Palemoon, Redhat | 3 Pale Moon, Enterprise Linux, Enterprise Virtualization | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. | |||||
CVE-2010-0428 | 1 Redhat | 2 Enterprise Virtualization, Qspice | 2024-02-28 | 6.6 MEDIUM | N/A |
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2010-0435 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2024-02-28 | 4.6 MEDIUM | N/A |
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation. | |||||
CVE-2010-0429 | 1 Redhat | 2 Enterprise Virtualization, Qspice | 2024-02-28 | 6.6 MEDIUM | N/A |
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2010-2811 | 1 Redhat | 1 Enterprise Virtualization | 2024-02-28 | 5.7 MEDIUM | N/A |
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic. | |||||
CVE-2010-2784 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2024-02-28 | 6.6 MEDIUM | N/A |
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2010-0431 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2024-02-28 | 6.6 MEDIUM | N/A |
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
CVE-2008-3522 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Virtualization | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. |