Vulmon
virtualization vulnerabilities and exploits
NA
CVE-2023-43631
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for r...
Linuxfoundation Edge Virtualization Engine
NA
CVE-2023-43632
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The co...
Linuxfoundation Edge Virtualization Engine
NA
CVE-2023-43635
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unse...
Linuxfoundation Edge Virtualization Engine
NA
CVE-2023-43636
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their...
Linuxfoundation Edge Virtualization Engine
10
CVSSv2
CVE-2013-6221
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x prior to 3.50.1, when the AutoPass license server is enabled, allows remote malicious users to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZD...
Hp Service Virtualization 3.0
1 EDB exploit
7.5
CVSSv2
CVE-2015-4727
Unspecified vulnerability in Oracle Virtualization Sun Ray Software prior to 5.4.4 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Web Console.
Oracle Virtualization Sun Ray
7.2
CVSSv2
CVE-2013-2152
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.
Redhat Enterprise Virtualization 3.2
2.1
CVSSv2
CVE-2010-2224
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) prior to 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks a...
Redhat Enterprise Virtualization Manager
7.4
CVSSv2
CVE-2010-0430
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) prior to 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memo...
Redhat Enterprise Virtualization Hypervisor
3.5
CVSSv2
CVE-2014-3559
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the d...
Redhat Enterprise Virtualization 3.4