Vulnerabilities > Redhat > Enterprise Virtualization > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2014-8167 | Improper Certificate Validation vulnerability in Redhat products vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | 5.9 |
| 2019-11-04 | CVE-2013-4280 | Exposure of Resource to Wrong Sphere vulnerability in Redhat products Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | 5.5 |
| 2018-07-27 | CVE-2017-2614 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Redhat Enterprise Virtualization 4.0 When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. | 6.3 |
| 2017-08-22 | CVE-2016-6310 | Information Exposure vulnerability in Redhat Enterprise Virtualization oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | 5.5 |
| 2017-04-20 | CVE-2016-6338 | Improper Access Control vulnerability in Redhat Enterprise Virtualization 4.0 ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | 6.8 |
| 2016-12-14 | CVE-2016-4443 | Information Exposure Through Log Files vulnerability in Redhat Enterprise Virtualization 3.6 Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | 5.5 |