Red Hat Virtualization Manager
By the Year
In 2020 there have been 0 vulnerabilities in Red Hat Virtualization Manager . Last year Virtualization Manager had 1 security vulnerability published. Right now, Virtualization Manager is on track to have less security vulerabilities in 2020 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 3 | 7.80 |
It may take a day or so for new Virtualization Manager vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Red Hat Virtualization Manager Security Vulnerabilities
A denial of service vulnerability was found in rsyslog in the imptcp module
CVE-2018-16881
7.5 - High
- January 25, 2019
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
CVE-2018-16881 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Integer Overflow or Wraparound
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which
CVE-2018-17963
9.8 - Critical
- October 09, 2018
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17963 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.
Integer Overflow or Wraparound
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c
CVE-2018-17958
7.5 - High
- October 09, 2018
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-17958 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Integer Overflow or Wraparound
The DPDK vhost-user interface does not check to verify
CVE-2018-1059
6.1 - Medium
- April 24, 2018
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Information Leak