Enterprise Virtualization Red Hat Enterprise Virtualization

Do you want an email whenever new security vulnerabilities are reported in Red Hat Enterprise Virtualization?

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Enterprise Virtualization . Enterprise Virtualization did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 3 8.17

It may take a day or so for new Enterprise Virtualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Enterprise Virtualization Security Vulnerabilities

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive

CVE-2018-1117 9.8 - Critical - June 20, 2018

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.

DHCP packages in Red Hat Enterprise Linux 6 and 7

CVE-2018-1111 7.5 - High - May 17, 2018

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

Shell injection

ovirt-engine API and administration web portal before versions 4.2.2.5

CVE-2018-1074 7.2 - High - April 26, 2018

ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.

Insufficiently Protected Credentials

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM

CVE-2015-3456 - May 13, 2015

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Virtualization or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe