Vulnerabilities > Redhat > Enterprise Virtualization Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-09 | CVE-2009-3552 | Improper Certificate Validation vulnerability in Redhat Enterprise Virtualization Manager 2.2 In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. | 2.9 |
| 2018-06-26 | CVE-2018-1072 | Information Exposure Through Log Files vulnerability in multiple products ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. | 5.0 |
| 2018-05-08 | CVE-2018-8897 | Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. | 7.2 |
| 2017-09-25 | CVE-2015-7544 | Injection vulnerability in Redhat Enterprise Virtualization Manager 3.4/3.4.1/3.5.0 redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | 9.1 |
| 2017-08-24 | CVE-2015-5293 | Improper Access Control vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | 4.3 |
| 2013-07-03 | CVE-2013-2144 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | 5.0 |
| 2013-03-12 | CVE-2013-0168 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | 4.0 |
| 2013-01-04 | CVE-2012-5516 | Information Exposure vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | 2.1 |
| 2013-01-04 | CVE-2012-2696 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | 2.7 |
| 2013-01-04 | CVE-2011-4316 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | 3.7 |