Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enterprise virtualization vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2013-4535
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU prior to 1.7.2 allows remote malicious users to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
Qemu Qemu
Redhat Enterprise Linux Server Tus 6.5
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Virtualization 3.0
8.8
CVSSv3
CVE-2019-14287
In Sudo prior to 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=...
Sudo Project Sudo
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Netapp Element Software Management Node -
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
58 Github repositories
1 Article
8.8
CVSSv3
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions up to and including 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein...
Linux Linux Kernel
Linux Linux Kernel 5.4
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Real Time 7
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux For Real Time 8
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
8.8
CVSSv3
CVE-2018-15402
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote malicious user to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the manage...
Cisco Enterprise Network Virtualization Software Nfvis-8.0
Cisco Enterprise Network Virtualization Software Nfvis-9.0
8.8
CVSSv3
CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Paramiko Paramiko 2.1.5
Paramiko Paramiko 1.18.5
Paramiko Paramiko 2.3.2
Paramiko Paramiko 2.2.3
Paramiko Paramiko 2.4.1
Paramiko Paramiko 2.0.8
Paramiko Paramiko 1.17.6
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 6.7
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Server Aus 6.5
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Workstation 6.0
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Server Aus 6.4
Redhat Enterprise Linux Server Aus 6.6
1 Github repository
8.8
CVSSv3
CVE-2013-0185
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote malicious users to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
Redhat Manageiq Enterprise Virtualization Manager -
8.8
CVSSv3
CVE-2014-8170
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate malicious users ...
Ovirt Ovirt-node 3.0.0-474-gb852fd7
8.8
CVSSv3
CVE-2015-7854
Buffer overflow in the password management functionality in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
8.8
CVSSv3
CVE-2015-7849
Use-after-free vulnerability in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
8.8
CVSSv3
CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Debian Debian Linux 8.0
Hp Helion Openstack 2.0.0
Hp Helion Openstack 2.1.0
Hp Helion Openstack 2.1.2
Hp Helion Openstack 2.1.4
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 12.04
Qemu Qemu
Qemu Qemu 2.6.0
Oracle Vm Server 3.2
Oracle Vm Server 3.3
Oracle Vm Server 3.4
Oracle Linux 5
Oracle Linux 6
Oracle Linux 7
Citrix Xenserver
Redhat Openstack 5.0
Redhat Openstack 6.0
Redhat Openstack 7.0
Redhat Openstack 8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »