Red Hat Enterprise Virtualization
By the Year
In 2022 there have been 0 vulnerabilities in Red Hat Enterprise Virtualization . Enterprise Virtualization did not have any published security vulnerabilities last year.
It may take a day or so for new Enterprise Virtualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Virtualization Security Vulnerabilities
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive
9.8 - Critical
- June 20, 2018
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.
DHCP packages in Red Hat Enterprise Linux 6 and 7
7.5 - High
- May 17, 2018
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
ovirt-engine API and administration web portal before versions 126.96.36.199
7.2 - High
- April 26, 2018
ovirt-engine API and administration web portal before versions 188.8.131.52, 184.108.40.206 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
Insufficiently Protected Credentials
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM
- May 13, 2015
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.