Vulnerabilities > Redhat > Enterprise Virtualization > 3.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2015-5201 Missing Authentication for Critical Function vulnerability in Redhat products
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.
network
low complexity
redhat CWE-306
7.5
2017-08-22 CVE-2016-6310 Information Exposure vulnerability in Redhat Enterprise Virtualization
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
local
low complexity
redhat CWE-200
2.1
2014-01-21 CVE-2013-2152 Local Privilege Escalation vulnerability in Redhat Enterprise Virtualization 3.2
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
local
low complexity
redhat
7.2
2013-08-28 CVE-2013-2176 Resource Management Errors vulnerability in Redhat Enterprise Virtualization 3.0/3.2
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.
local
low complexity
redhat CWE-399
7.2
2013-08-19 CVE-2013-0167 Denial of Service vulnerability in Red Hat Enterprise Virtualization Hypervisor
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."
low complexity
redhat
2.7