Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2023-10-06 CVE-2023-5366 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules.
local
low complexity
openvswitch redhat CWE-345
5.5
2023-10-03 CVE-2023-4911 Out-of-bounds Write vulnerability in multiple products
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.
local
low complexity
gnu fedoraproject redhat CWE-787
7.8
2023-04-10 CVE-2023-1668 Always-Incorrect Control Flow Implementation vulnerability in multiple products
A flaw was found in openvswitch (OVS).
network
low complexity
cloudbase debian redhat CWE-670
8.2
2022-10-19 CVE-2022-2805 Cleartext Storage of Sensitive Information vulnerability in Redhat Virtualization 4.0
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style.
network
low complexity
redhat CWE-312
6.5
2022-09-29 CVE-2014-0144 Improper Input Validation vulnerability in multiple products
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
local
low complexity
qemu redhat CWE-20
8.6
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
2022-09-29 CVE-2014-0148 Infinite Loop vulnerability in multiple products
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables.
local
low complexity
qemu redhat CWE-835
5.5
2022-08-31 CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK.
network
low complexity
dpdk fedoraproject debian redhat
8.6
2022-08-26 CVE-2022-0207 Race Condition vulnerability in multiple products
A race condition was found in vdsm.
local
high complexity
ovirt redhat CWE-362
4.7
2022-06-30 CVE-2022-2078 Stack-based Buffer Overflow vulnerability in multiple products
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
local
low complexity
linux redhat debian CWE-121
5.5