Filtered by vendor Redhat
Subscriptions
Filtered by product Rhev Manager
Subscriptions
Total
182 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3485 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-1568 | 5 Apple, Google, Microsoft and 2 more | 14 Mac Os X, Chrome, Chrome Os and 11 more | 2024-11-21 | N/A |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | ||||
CVE-2014-0202 | 1 Redhat | 2 Rhev Manager, Rhevm-dwh | 2024-11-21 | N/A |
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | ||||
CVE-2014-0201 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2024-11-21 | N/A |
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | ||||
CVE-2014-0200 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2024-11-21 | N/A |
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file. | ||||
CVE-2014-0199 | 1 Redhat | 2 Rhev Manager, Rhevm-reports | 2024-11-21 | N/A |
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | ||||
CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2024-11-21 | 7.5 High |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
CVE-2014-0154 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-11-21 | N/A |
oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
CVE-2014-0153 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-11-21 | N/A |
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page. | ||||
CVE-2014-0152 | 2 Ovirt, Redhat | 3 Ovirt, Ovirt-engine, Rhev Manager | 2024-11-21 | N/A |
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-0151 | 1 Redhat | 2 Ovirt-engine, Rhev Manager | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. | ||||
CVE-2013-7285 | 2 Redhat, Xstream Project | 15 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 12 more | 2024-11-21 | 9.8 Critical |
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON. | ||||
CVE-2013-6434 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. | ||||
CVE-2013-4353 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Rhev Manager | 2024-11-21 | N/A |
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. | ||||
CVE-2013-4236 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | ||||
CVE-2013-4181 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-2192 | 2 Apache, Redhat | 4 Hadoop, Jboss Amq, Jboss Fuse and 1 more | 2024-11-21 | N/A |
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | ||||
CVE-2013-2176 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | ||||
CVE-2013-2152 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | ||||
CVE-2013-2151 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-11-21 | N/A |
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. |