Vulnerabilities > Redhat > Enterprise Virtualization > 2.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2015-5201 Missing Authentication for Critical Function vulnerability in Redhat products
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0, as packaged in Red Hat Enterprise Virtualization before 3.5.6, when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allow remote attackers to log in without authentication via unspecified vectors.
Access: network; complexity: low; redhat CWE-306; risk: 7.5
2017-08-22 CVE-2016-6310 Information Exposure vulnerability in Redhat Enterprise Virtualization
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in the /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
Access: local; complexity: low; redhat CWE-200; risk: 2.1
2010-08-24 CVE-2010-2811 Denial of Service vulnerability in Redhat Enterprise Virtualization 2.2
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.
Risk: 5.7
2010-08-24 CVE-2010-2784 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and KVM
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
Access: local; redhat CWE-264; risk: 6.6
2010-08-24 CVE-2010-0431 Improper Input Validation vulnerability in Redhat Enterprise Virtualization and KVM
QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.
Access: local; redhat CWE-20; risk: 6.6
2010-08-24 CVE-2010-0429 Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization and Qspice
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
Access: local; redhat CWE-264; risk: 6.6
2010-08-24 CVE-2010-0428 Improper Input Validation vulnerability in Redhat Enterprise Virtualization and Qspice
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.
Access: local; redhat CWE-20; risk: 6.6