CVE-2009-3552

all versions

In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtuali

3.1LOW

CVE-2018-1072

all versions

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run wit

5.0MEDIUM

CVE-2018-8897

all versions

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandl

7.8HIGH

CVE-2015-7544

all versions

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated

9.1CRITICAL

CVE-2015-5293

<= 3.6.0

Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is s

5.9MEDIUM

CVE-2015-0257

<= 3.5.0

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-

CVE-2015-0237

<= 3.5.0

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage

CVE-2014-3573

<= 3.4.1

The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuil

CVE-2013-6434

<= 3.2

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation me

CVE-2013-2144

<= 3.1

Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, wh

CVE-2013-0168

<= 3.1

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on

CVE-2012-6115

<= 3.1

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the

CVE-2012-5516

<= 3.0

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-a

CVE-2012-2696

<= 3.0

The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remo

CVE-2012-0861

<= 3.0

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter

CVE-2012-0860

<= 3.0

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a hos

CVE-2011-4316

<= 3.0

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen

CVE-2010-2793

<= 2.2.3

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager

CVE-2010-2224

<= 2.1

The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the