Virtualization

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-31	CVE-2021-3634	Out-of-bounds Write vulnerability in multiple products A flaw has been found in libssh in versions prior to 0.9.6. network low complexity libssh redhat debian fedoraproject oracle netapp CWE-787	6.5
2021-05-06	CVE-2021-3501	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.12. local low complexity linux redhat fedoraproject netapp CWE-787	3.6
2021-03-18	CVE-2019-14850	Insufficient Control of Network Message Volume (Network Amplification) vulnerability in multiple products A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. network high complexity nbdkit-project redhat CWE-406	2.6
2021-03-18	CVE-2020-27827	Resource Exhaustion vulnerability in multiple products A flaw was found in multiple versions of OpenvSwitch. network low complexity lldpd-project openvswitch redhat fedoraproject siemens CWE-400	7.5
2021-01-12	CVE-2020-25657	Covert Timing Channel vulnerability in multiple products A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. network high complexity m2crypto-project redhat fedoraproject CWE-385	5.9
2020-12-21	CVE-2020-35497	Improper Access Control vulnerability in multiple products A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key. network low complexity ovirt redhat CWE-284	6.5
2020-03-19	CVE-2019-19336	Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. network ovirt redhat CWE-79	4.3
2020-02-11	CVE-2013-4535	Improper Input Validation vulnerability in multiple products The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. local low complexity qemu redhat CWE-20	8.8
2020-01-02	CVE-2019-14859	Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. network low complexity python-ecdsa-project redhat CWE-347	6.4
2019-11-22	CVE-2015-1780	Incorrect Authorization vulnerability in Redhat Ovirt-Engine and Virtualization oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center network low complexity redhat CWE-863	4.0