Enterprise virtualization
This hub aggregates every CVE we track for Enterprise virtualization, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
36
CVEs tracked
2
Critical
7
High
0
In CISA KEV
Severity distribution
MEDIUM19LOW8HIGH7CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Enterprise virtualization.
- CVE-2015-5201VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before...7.5
- CVE-2014-8167vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack5.9
- CVE-2013-4280Insecure temporary file vulnerability in RedHat vsdm 4.9.6.5.5
- CVE-2017-2614When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker wi...6.8
- CVE-2018-1117ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin ...5.0
- CVE-2018-1111DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A maliciou...7.5
- CVE-2018-1074ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. ...7.7
- CVE-2016-6310oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.5.5
- CVE-2016-6338ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restr...6.8
- CVE-2016-4443Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.5.5
- CVE-2016-5432The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.3.3
- CVE-2015-1841The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.3.7
- CVE-2015-3456The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute a...7.7
- CVE-2014-3561The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensiti...2.1
- CVE-2014-3559The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows...3.5
Product normalization is registry-driven with AI assist and human review. How it works