Virtualization Manager Red Hat Virtualization Manager

stack.watch can notify you when security vulnerabilities are reported in Red Hat Virtualization Manager. You can add multiple products that you use with Virtualization Manager to create your own personal software stack watcher.

By the Year

In 2020 there have been 0 vulnerabilities in Red Hat Virtualization Manager . Last year Virtualization Manager had 1 security vulnerability published. Right now, Virtualization Manager is on track to have less security vulerabilities in 2020 than it did last year.

Year Vulnerabilities Average Score
2020 0 0.00
2019 1 7.50
2018 3 7.80

It may take a day or so for new Virtualization Manager vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Red Hat Virtualization Manager Security Vulnerabilities

A denial of service vulnerability was found in rsyslog in the imptcp module

CVE-2018-16881 7.5 - High - January 25, 2019

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

CVE-2018-16881 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Integer Overflow or Wraparound

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which

CVE-2018-17963 9.8 - Critical - October 09, 2018

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

CVE-2018-17963 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Integer Overflow or Wraparound

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c

CVE-2018-17958 7.5 - High - October 09, 2018

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

CVE-2018-17958 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Integer Overflow or Wraparound

The DPDK vhost-user interface does not check to verify

CVE-2018-1059 6.1 - Medium - April 24, 2018

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Information Leak