Vulnerabilities > Redhat > Enterprise Virtualization > 3.0

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2015-5201 Missing Authentication for Critical Function vulnerability in Redhat products
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
network
low complexity
redhat CWE-306
7.5
2019-11-13 CVE-2014-8167 Improper Certificate Validation vulnerability in Redhat products
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
network
high complexity
redhat CWE-295
5.9
2019-11-04 CVE-2013-4280 Exposure of Resource to Wrong Sphere vulnerability in Redhat products
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
local
low complexity
redhat CWE-668
5.5
2017-08-22 CVE-2016-6310 Information Exposure vulnerability in Redhat Enterprise Virtualization
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
local
low complexity
redhat CWE-200
5.5
2013-01-31 CVE-2013-1591 Integer Overflow or Wraparound vulnerability in multiple products
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors.
network
low complexity
redhat palemoon CWE-190
critical
9.8