Vulnerabilities > Redhat > Virtualization

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-05-06 CVE-2021-3501 A flaw was found in the Linux kernel in versions before 5.12.
local
low complexity
linux redhat fedoraproject netapp
7.1
2021-03-18 CVE-2019-14850 A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1.
network
high complexity
nbdkit-project redhat
3.7
2021-03-18 CVE-2020-27827 A flaw was found in multiple versions of OpenvSwitch. 7.5
2021-01-12 CVE-2020-25657 A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext.
network
high complexity
m2crypto-project redhat fedoraproject
5.9
2020-12-21 CVE-2020-35497 A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
network
low complexity
ovirt redhat
6.5
2020-03-19 CVE-2019-19336 Cross-site Scripting vulnerability in multiple products
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8.
network
low complexity
ovirt redhat CWE-79
6.1
2020-02-11 CVE-2013-4535 Improper Input Validation vulnerability in multiple products
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
local
low complexity
qemu redhat CWE-20
8.8
2020-01-02 CVE-2019-14859 Improper Verification of Cryptographic Signature vulnerability in multiple products
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding.
network
low complexity
python-ecdsa-project redhat CWE-347
critical
9.1
2019-11-22 CVE-2015-1780 Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
network
low complexity
redhat CWE-863
6.5