Vulnerabilities > Redhat > Enterprise Virtualization Manager > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2019-11-09 | CVE-2009-3552 | Improper Certificate Validation vulnerability in Redhat Enterprise Virtualization Manager 2.2 | 2.9
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager.

2013-01-04 | CVE-2011-4316 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager | 3.7
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
local, high complexity, redhat CWE-264

2013-01-04 | CVE-2012-2696 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager | 2.7
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
low complexity, redhat CWE-264

2013-01-04 | CVE-2012-5516 | Information Exposure vulnerability in Redhat Enterprise Virtualization Manager | 2.1
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
local, low complexity, redhat CWE-200

2010-06-24 | CVE-2010-2224 | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager 2.1 | 2.1
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
local, low complexity, redhat CWE-264