Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat enterprise virtualization manager 2.1 vulnerabilities and exploits

(subscribe to this query)
9.1
CVSSv3
CVE-2022-1586
An out-of-bounds read vulnerability exists in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully...
Pcre Pcre2Fedoraproject Fedora 35Fedoraproject Fedora 36Redhat Enterprise Linux 8.0Redhat Enterprise Linux 9.0Netapp Ontap Select Deploy Administration Utility -Netapp Solidfire -Netapp Hci Management Node -Netapp Active Iq Unified Manager -Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H410s Firmware -Netapp H410c Firmware -
5.5
CVSSv3
CVE-2013-4280
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
Redhat Virtual Desktop Server Manager 4.9.6Redhat Storage 2.0Redhat Enterprise Virtualization 3.0Redhat Storage 2.1
7.5
CVSSv3
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 prior to 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote malicious users to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrat...
Openssl OpensslFilezilla-project Filezilla ServerSiemens Application Processing Engine Firmware 2.0Siemens Cp 1543-1 Firmware 1.1Siemens Simatic S7-1500 Firmware 1.5Siemens Simatic S7-1500t Firmware 1.5Siemens Elan-8.2Siemens Wincc Open Architecture 3.12Intellian V100 Firmware 1.20Intellian V100 Firmware 1.21Intellian V100 Firmware 1.24Intellian V60 Firmware 1.15Intellian V60 Firmware 1.25Mitel Micollab 6.0Mitel Micollab 7.0Mitel Micollab 7.1Mitel Micollab 7.2Mitel Micollab 7.3.0.104Mitel Micollab 7.3Mitel Mivoice 1.1.3.3Mitel Mivoice 1.2.0.11Mitel Mivoice 1.3.2.2
NA
CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) prior to 3.2 does not properly check permissions for the target storage domain, which allows malicious users to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager 2.1Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 3.0Redhat Enterprise Virtualization Manager 2.2.3
NA
CVE-2012-6115
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and previous versions, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive info...
Redhat Enterprise Virtualization Manager 2.1Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager 3.0
NA
CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and previous versions does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage doma...
Redhat Enterprise Virtualization Manager 3.0Redhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager 2.1
NA
CVE-2012-5516
Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization Manager 2.2.4Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager 2.1
NA
CVE-2012-0860
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.
Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization Manager 2.1
NA
CVE-2012-0861
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote malicious users to exec...
Redhat Enterprise Virtualization Manager 2.1Redhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager
NA
CVE-2012-2696
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
Redhat Enterprise Virtualization ManagerRedhat Enterprise Virtualization Manager 2.2.3Redhat Enterprise Virtualization Manager 2.2Redhat Enterprise Virtualization Manager 2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook