Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualization manager vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-2144
Red Hat Enterprise Virtualization Manager (RHEVM) prior to 3.2 does not properly check permissions for the target storage domain, which allows malicious users to cause a denial of service (disk space consumption) by cloning a VM from a snapshot.
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.1
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 3.0
Redhat Enterprise Virtualization Manager 2.2.3
2.1
CVSSv2
CVE-2012-5516
Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.2.4
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.1
4
CVSSv2
CVE-2013-0168
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and previous versions does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage doma...
Redhat Enterprise Virtualization Manager 3.0
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.1
2.1
CVSSv2
CVE-2012-6115
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and previous versions, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive info...
Redhat Enterprise Virtualization Manager 2.1
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 3.0
3.7
CVSSv2
CVE-2011-4316
Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecif...
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.1
6.8
CVSSv2
CVE-2012-0861
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote malicious users to exec...
Redhat Enterprise Virtualization Manager 2.1
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager
2.7
CVSSv2
CVE-2012-2696
The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.1
6.2
CVSSv2
CVE-2012-0860
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.1
6.8
CVSSv2
CVE-2010-2793
Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager prior to 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of thi...
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager 2.1
Redhat Spice-activex -
Redhat Enterprise Virtualization Manager
1.9
CVSSv2
CVE-2016-5709
SolarWinds Virtualization Manager 6.3.1 and previous versions uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
Solarwinds Virtualization Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »