Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualization vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2021-25653
A privilege escalation vulnerability exists in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 up to and including 8.1.3.1 versions of AVPU.
Avaya Aura Appliance Virtualization Platform
668
VMScore
CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Openvswitch Openvswitch 2.7.0
Debian Debian Linux 9.0
Redhat Openstack 6.0
Redhat Openstack 7.0
Redhat Openstack 8
Redhat Openstack 9
Redhat Openstack 10
Redhat Openstack 11
Redhat Virtualization 4.1
Redhat Virtualization Manager 4.1
Redhat Virtualization 4.0
578
VMScore
CVE-2020-14316
A flaw was found in kubevirt 0.29 and previous versions. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an malicious user to assume the privileges of the VM process on the host system. In worst-case scenar...
Kubevirt Kubevirt
Redhat Openshift Virtualization 1
187
VMScore
CVE-2019-10194
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Ovirt Ovirt
Redhat Virtualization Manager 4.3
231
VMScore
CVE-2020-10775
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and previous versions, where it allows remote malicious users to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical p...
Oracle Virtualization 4.0
Redhat Ovirt-engine
356
VMScore
CVE-2020-35497
A flaw was found in ovirt-engine 4.4.3 and previous versions allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Ovirt Ovirt-engine
Redhat Virtualization 4.0
383
VMScore
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an malicious user to craft malicious HTML pages that can run s...
Ovirt Ovirt-engine
Redhat Virtualization 4.3
356
VMScore
CVE-2015-1780
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
Redhat Ovirt-engine -
Redhat Virtualization 3.0
641
VMScore
CVE-2015-4186
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
Cisco Virtualization Experience Client 6000 Series Firmware 11.2\\(27.4\\)
587
VMScore
CVE-2010-0428
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and ...
Redhat Enterprise Virtualization 2.2
Redhat Qspice 0.3.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »